One of the many scams perpetrated by the North Korean government is to employ fake workers in Western countries, both for the salaries and for the opportunities for insider cyber attacks.

It’s a form of cyber slavery. The North Korean state forces the workers to work for peanuts, then keeps their salaries, which helps fund North Korea’s nuclear and cyber attack programs.

Some North Korean “workers” are employed by up to four companies at once.

It turns out the phenomenon is bigger than previously known. A new report from CrowdStrike published today says they’ve investigated more than 320 incidents involving North Korean operatives getting remote IT jobs with foreign companies in the past year.

The main operator is a state-sponsored group called “Famous Chollima,” which has existed since at least 2018 and has sent between $250 million and $600 million per year to Pyongyang, funneled through complex networks spanning China, Russia, the United Arab Emirates, and elsewhere, according to the UN.

The group is also known as Nickel Tapestry, Wagemole, Storm-1877, UNC5267, Void Dokkaebi, PurpleBravo, TenaciousPungsan, BadClone, and VoidDokkaebi.

The group also develops custom malware, including BeaverTail, InvisibleFerret, a remote access trojan called GolangGhost, and, in 2025, a new Python-based version called PylangGhost.

In addition to employing fake employees, Famous Chollima tricks job seekers, especially those with cryptocurrency and blockchain experience, by luring them to fake job interview sites and encouraging them to download malicious software under the guise of “skill-testing.” They impersonate known tech companies like Coinbase, Archblock, Robinhood, and Uniswap.

They’ve increased their activity in the past year by 220%, according to CrowdStrike.

North Korean operatives have been getting jobs not only in the U.S., but also in companies based in Europe, Latin America, and around the world.

The scam is made possible not only by the post-covid remote work trend, but by AI, which “Famous Chollima” uses for creating fake identities and resumes, making identity during video job interviews and meetings, faking IT knowledge, and automating internal communication.

The vulnerability is by companies is part of a larger issue, which is that our over-reliance on video interviews and meetings means that companies don’t know who they’re hiring, and don’t know how to assess the quality or quantity of work being done by remote employees.

We really should fix this.

Superintelligent: “Skeletor-approved smart glasses & AI ❤️s farmland”

More From Elgan Media, Inc.

• Smart people use AI to get smarter

• AI slop is eating the world

• When everything is vibing

Where’s Mike? Oaxaca, Mexico!

(Why I’m always traveling.)